►
Description
[SIG-Network] Ingress NGINX Bi-Weekly Meeting for 20221013
A
Hello:
everyone,
it's
October,
13th,
it's
James
strong.
This
is
the
Sig
Ingress
nginx
sub
project
meeting
facing
networking,
which
means
it
is
subject
to
the
cncf
code
of
conduct,
which
remains
be
kind
to
everyone.
If
you
have
any
issues,
please
report
those
to
myself
or
cardo
or
the
Sig
networking
leads
or
the
cncf
themselves.
A
So
with
that
we'll
go
ahead
and
get
started
as
I
was
saying
at
the
beginning
of
the
meeting
before
we
start,
recording
was
not
prepared
for
this,
so
I
don't
have
a
list
of
things
for
us
to
go
through
from
action
items.
We
can
go
back
and
look
at
what
we
need
to
discuss.
We've
got
a
couple
things
for
kubecon
that
we
probably
want
to
discuss
with
the
community.
A
We
started
looking
at
that
got
some
of
the
server
results
back,
but
I
think
the
big
thing
we
want
to
make
sure
that
we
do
the
issue
triaging,
because
I
noticed
there
was
a
lot
of
discussion
and
the
100
or
so
responses
about
issue
challenging.
So
I
want
to
make
sure
that
we
do
do
that
before
we
jump
into
the
project
stabilization
and
the
big
success
that
Ricardo's
had
over
the
past
week
or
so
so.
A
I'm
gonna
go
ahead
and
we
can
jump
in
the
issue.
Triaging
I
think
everyone
here
is
introduced
themselves,
but
if
you
are
new-
and
you
want
to
introduce
yourselves
what
you're
talking
about
with
the
project
or
if
there's
anything
that
we
need
to
discuss,
go
ahead
and
drop
those
in
the
chat,
so
we
can
pull
those
up
when
we
get
to
them.
B
C
Hi,
so
my
name
is
Joel
I'm
20
years
old,
I'm
Brazilian
as
well,
well,
I've
been
using
kubernetes
for
for
a
while,
now
and
I'm
trying
to
get
into
it.
I'm
trying
to
contribute
a
little
more
so
just
here
to
as
a
listener
want
to
learn
something
new,
so
I
hope
you
guys
will
see
me
the
next
in
the
future
too.
So
thank
you
and
well
Ricardo
I.
B
B
D
A
No
I
want
to
make
sure
we
get
it
right,
Joe
Joe,
all
right!
Thank
you
for
joining.
That's
awesome!
If
you
have
any
questions
about
issues
or
things
like
that
or
how
we
proceed
through
things
feel
free
to
hit
us
up
in
the
Ingress
dub
slack.
So
thank
you
for
joining
with
that.
We
will
start
the
the
triaging
of
issues
as
soon
as
I
can
find
the
share
button.
A
All
righty:
let's
go
ahead
and
get
started.
1109
I
just
want
to
keep
us
keep
track
of
the
time
alrighty.
So
as
always,
we
want
to
start
looking
at
the
needs,
triage
and
priority
issues.
So
let's
go
ahead
and
jump
into
them.
Is
there
any
that
anyone
knows
about
that?
We
should
look
at
before.
We
just
go
through
the
list.
E
Ricardo
mentioned
about
the
default
backend
and
it
was
iffy
until
a
little
while
ago,
but
one
or
two
issues
have
come
in
so
looks
like
we
should
look
at
it
and
replace
and
and
make
sure
that
it's
our
own
image.
That
means
so
background
is
that
if
we
enable
default
backend
it,
it
uses
an
image,
that's
on
GCR,
but
that
we
don't
maintain
and
it's
like
real
old.
E
B
Yeah
yeah
this
is
this
is
one
that
was
really
good,
that
someone
took
on
on
slack
actually,
because
we
use
an
image
that
we
don't
maintain
and
no
one
else
maintains
as
well
right.
So
it's
gonna
be
probably
a
really
good
first
issue,
at
least
to
assemble
this
as
a
small
engine,
X
container
or
something,
or
even
like
a
python,
a
python
container
just
running
like
part
8080
with
a
default
back-end
or
something
like
that.
E
B
Did
I
I
was
sure
that
this
image
was
ours?
Actually
I
was
like
okay,
this
is
ours,
and
this
this
person
actually
came
to
see
network
or
CKC
infra
asking
and
then
I
I
directed
this
person
like
hey.
Can
you
go
to
our
slack
Channel,
because
this
is
ours
and
then
I
realized
that
this
is
actually
not
ours,
but
yeah.
A
B
A
B
So
I
think
that
we
should
I,
don't
think
we
should
Fork
because
they
have
like
they
are
using
like
a
gold
program
that
answers
HTTP,
whatever
I
think
we
can
just
have
some
simple,
really
simple,
HTTP
server
that
can
be
the
default
back-end
right.
Otherwise,
it's
just
going
to
be
another
image
with
CVS
blah
blah
whatever
so.
E
B
E
B
B
Yeah,
okay,
because
because
I
mean
I
would
like
at
least
to
separate,
if,
if
those
are
like
different
problems,
one
is
just
maintaining
the
default
back
end
image
and
the
other
one.
It's
like
the
way
that
we
pass
holes
or
whatever
to
the
default
back-end
a
pod
I
think
those
are
two
different
problems
that
we
need
to
deal
with
them
differently.
Right.
D
A
A
C
D
D
B
A
F
A
B
A
B
A
A
B
E
D
A
D
E
B
D
E
D
E
A
A
B
No,
no,
no,
no!
So
the
default
back
end
it's
so.
You
have
the
the
front
and
virtual
holes
right
and
then
you
say
my
default
back
end.
It's
just
this
one!
So
you
pass
the
host
header
to
the
default
back-end
and
then
the
default
backend
can
or
cannot
be
configured
to
to
answer
based
on
the
on
the
host
header
right.
E
B
Will
always
be
fair
yeah,
so
so
so
you
pass
actually
no
no,
no,
no
hold
on
I
think
we
are
going
too
far
here.
But
let's,
let's,
let's
try
to
discuss
that.
Let
let's
try
to
discuss
this
in
offline
because
the
problem
with
the
default
back
end-
it's
just
like
you-
can
have
anything
as
soon
as
it
understands
the
ex
for
what
did
headers
right
so
DX
forward.
Maybe.
E
B
The
host
and
whatever
we
can
keep
it
simple
in
our
case
and
say:
hey
our
default
back
end
is
just
going
to
answer
like
okay
or
not.
Okay,
not
found
something
like
that,
and
in
the
future
we
can
even
create
a
demonstration
on
how
using
the
default
back-end
with
something
different
like
the
default
back
and
it's
gonna
answer
like
this
whole
slash
paths
wasn't
found
right.
E
B
A
Let's,
let's
look
at
this
one:
this
will
be
our
last
one,
but
I
know
that
we've
had
performance
test
issues
before
we've
got
the
memory
issue
and
I
know:
we've
got
the
performance
testing.
So,
let's
see
if
this
is
a
see,
if
they're
doing
anything
out
of
the
ordinary,
so
we'll
we
can
skip
all
the
timeouts
and
everything
I
didn't
do
a
great
job
of
formatting
yeah.
We
still.
A
A
D
A
A
A
To
those
two,
so
I've
got
two
to
respond
to
because
I
wanna
I
know.
We've
got
a
couple
of
people
on
the
call
that
probably
want
to
talk
about
what
they've
been
working
on.
So
we
can
discuss
those
and
I've
noticed
too
just
in
general.
The
troubleshooting
Pages
aren't
really
helpful,
because
we've
got
a
whole
debug
tool
that
we
place
in
there
and
there's
no
I've
not
seen
any
notes
on
how
to
use
that
thing.
A
D
B
Can
I
can
I
can
I
can
go
really
fast.
Sorry,
I
I
was
writing
that
because
I
I
wasn't
paying
attention
to
the
issues
unless
someone
else
when
I
thought
can
I.
Yes,
no,
maybe
okay
cool,
so
cpdp
split
I've
been
fixing
the
fasts
I've
been
fixing
some
things.
I've
been
founding
the
end-to-end
test.
They
are
actually
finding
some
real
bugs
as
well.
So
right
now
we
have
just
40
tests,
failing
which
is
amazing,
because
we
had
80
on
Sunday
120.
B
Last
week,
my
plan
my
plan,
it's
for
between,
because
I
am
kind
of
on
vacation
today
until
Monday.
My
plan
is
it's
to
see
if
I
can
fix
at
least
more
50
of
the
tests
and
then
doing
some
real
closing
some
some
real
things
like
hey.
Now
we
have
end-to-end
tests.
We
know
that
Daniel
that
the
test
they
are
working
and
we
need
to
figure
out
how
to
solve
now
the
other
things
like
load,
balancing
recognizing
reconnection
between
control,
plane
and
data
planes.
Even
writing.
B
Some
end-to-end
tests
on
that
scalability,
adding
compression
testing
testing
the
scalability
of
of
the
split
and
so
on.
Jintao
made
some
reviews.
I
didn't
solve
the
reviews,
yet
I
told
him
because
I'm
trying,
first
of
all
to
have
the
end-to-end
tests
working
and
then
I
will
really
I
promise
you
until
I'm,
not
ignoring
you.
B
I
will
take
a
look
into
all
of
the
reviews
and
even
I
will
do
myself
some
reviews
as
well,
because
I
know
that
I
left
a
bunch
of
debugging
things
like
printf
I'm,
here,
klog,
dot,
warning
now
I'm
here
and
so
on,
like
the
the
the
the
correct
way
of
debugging
things
right
yeah.
So
that's
that's
all
from
my
side.
I
I
hope
that
until
Tuesday
I
have
some
more
things
to
to
deal
with
to
to
to
fix
fix
it.
B
On
the
data
plane
now
being
plugable,
I
know
that
it's
going
to
be
easier
for
us
to
start
doing
the
cleanup
of
the
code
on
the
things
that
we
know
that
we
can
remove
and
so
on.
By
the
way
we
have
that
survey
and
I
think
that
in
some
time
we
would
need
to
put
on
vault
or
discuss
on
the
deprecation
of
things
that
we've
been
thinking
on.
Deprecating
I'm,
not
sure
if
we
should
do
that
after
or
before
coupon
right,
but
I
think
we
should
do
that.
B
Bad
sorry,
it's
not
it's
not
again!
It's
not
that
I'm,
ignoring
it's
just
like
I'm,
really
trying
to
focus
on
on
this
split
control,
clean
and
data
plane,
but
I
would
maybe
differ
to
Jin
Tao.
If
you
can
do
some
review
on
that,
and
we
can
do
a
release
on
the
open,
Telemetry
thing
even
before
the
split
control,
plane
and
data
plane.
I
think
it's
gonna
be
fine
for
us
to
know
how
this
is
going
to
work.
D
D
B
A
E
A
D
C
Honestly
I
didn't
know
about
this.
Your
whole
check.
Actually
you
just
comment:
I'll
take
a
look
I'm,
not
that
sure.
If
I
like
it,
the
job
summary
because
honestly
I
I,
don't
know
how
frequently
we
will
look
there
and
how
fast
these
reports
will
come.
So
I
did
take
a
look
at.
How
can
we
do
it,
but
I'm
not
too
sure
if
it's
if
it
would
be
a
a
good
presentation
of
the
results
you
know
about
this
sorry.
A
I
I
agree
because
I
think
the
the
summaries
don't
alert
people
on
issues
because
we
don't
have
any
other
any
things
that
connect
like
GitHub
action,
output
or
failures
like
do
we
want
to
fail,
I,
don't
know
if
we
want
to
fail
if
those
vulnerabilities
found,
because
that's
really
the
only
way
you
get
alerted.
If
actions
fail
report
to
GitHub
security.
C
Yeah
I'm
not
familiar
with
that,
but
I
I'll
take
a
look
at.
Maybe
we
can
discuss
later
in
this
late
because
I
don't
know
about
service
reports
and
stuff.
So
not
too
sure.
If
I
can't
comment
about
that
right
now,
I
thought
about
maybe
commenting
the
pr
like
which
vulnerability
were
vulnerabilities
were
found.
If
any,
but
still
I,
don't
know.
If
Comics
you
need
an
unrelated
VR
about
some
vulnerabilities
actually
help
at
all
so
yeah
I'll.
D
D
A
C
Yeah
would
help
the
the
only
problem
with
this
approach.
Is
that
I'm
not
too
sure
how
we
can
manage
those
issues
to
not
be
repeated?
You
know
only
using
the
action,
so
I
don't
know.
If
two
PR
is
fine,
the
same
vulnerability.
How
can
we
make
sure
not
to
report
it
more
than
once
you
know,
so
we
span
a
lot
of
visuals
in
the
in
the
project,
so
yeah
I
don't
know
about
that.
A
D
D
E
D
A
A
E
A
E
E
E
E
D
A
A
B
B
Maybe
this
should
be
a
a
global
thing
as
well,
because
you
can,
if
someone
configures
this
annotation,
a
specific
Ingress
with
a
value
too
big,
maybe
can
fall
into
the
slow
law,
is
for
the
whole
engine
X
anyway
right.
So
you
have
shared
virtual
hosts
and
then
I
configure
my
my
client
header
for
five
seconds
and
then
James
puts
like
three
minutes
or
three
hours.
Someone
that
figures
out
can
just
abuse,
James
virtual
host
and
keep
opening
connections
and
and
it's
engine
X
doesn't
deal
on
that
in
a
silver
way
right.
B
B
Precedence
we
can
have,
we
can
have
something
like
a
default,
a
configurable
in
a
globe
on
a
maximum
Global
right,
so
the
default,
it's
the
one
that
we
are
going
to
apply
for
everyone
like
10
seconds
now.
Imagine
that
you
have
something
that's
slower
on
the
back
end
for
the
header,
timeout
and-
and
you
don't
want
to
create
a
new
Ingress
controller
just
for
that.
It's
a
bad
situation,
but
I've
seen
happening
a
lot
yeah
right.
So
you
may
want
that
specific
Ingress
to
increase
the
client
heater
timeout
for
that
right.
B
But
you
may
want
that
person
not
to
be
able
to
pass
like
hey
my
client
here
timeout
is
going
to
be
five
hours,
so
the
maximum
that
these
the
Ingress
administrator
added
for
this.
It's
like
10
seconds
or
15
seconds,
but
this
is
something
that
would
be
to
need
to
be
discussed.
Better
I
mean
it's
as
Gentiles
said.
It's
valuable
I!
Just!
Don't
think
that
this
simplistic
implementation
is
going
to
have
help,
or
it's
just
going
to
add
a
worse
vulnerability
on
like
someone
with
access
to
create
a
new
Ingress
control,
a
new
Ingress
object.
B
B
E
B
We
can
we
can
allow
someone
to
configure
the
default
like
saying
hey.
This
comes
from
from
in
China
X,
but
did
they
follow
in
the
config
map
is
like
15
seconds
right.
So
all
of
the
objects.
They
are
gonna
win
50
seconds.
But
if
you
need
something
bigger
than
50
seconds,
you
can
configure
in
your
own
Ingress
object
as
soon
as
it
doesn't
surpass
the
maximum
value
Allowed
by
the
Admin
right.
E
B
B
It's
the
com,
it's
the
kpli
five
out.
Actually
it's
the
time
that
that
communication
keeps
open
until
someone
says:
okay,
you
are
open
for
too
much
time
without
any
communication
right,
because
the
idea
of
the
website,
the
websocket
it's
going
to
be
something
reactive,
yeah,
you
always
open,
and
you
expecting
that
streaming,
someone
pushing
something
and
sometimes
that
streaming
just
gets
closed
by
timeout
or
because
it
doesn't
get
any
any
new
bytes
in
the
middle
of
that
right.
I
think
this
one
is
it's:
it's
different.
B
I
never
saw
a
client
header
need
to
be
bigger
than
like
10
seconds
right,
because
it's
like
you
sending
you
opening
the
communication
and
saying
hey
in
China
X.
It's
me,
and
this
is
what
I
want
so
between
the
it's
me,
and
this
is
what
I
want.
You
cannot
send
anything
and
just
keep
just
keep
feeling
the
communicate
the
the
the
channels
of
the
Ninja
next
right.
So
solar
is
it's
it's
based
on
that
a
new
kind
of
Dos.
You
are
in
gynex
because
you
just
feel
all
of
the
available
connections.
B
D
A
I
accepted
it
anyway,
but
we
somebody's
gonna
have
to
get
assigned
to
it
and
we'll
have
to
prioritize
it.
But
as
of
right
now,
that's
we're
all
pretty
much
maxed
out.
Okay,
probably
won't
put
life
cycle
Frozen
on
that
one
as
well
we're
about
at
time
or
is
there
anything
we
need
to
discuss.
I.
Think
everybody's
got
something
that
they're
assigned
to.
F
So
I
can
give
a
quick
update
on
the
agent
progress.
I
wish
it
was
better
news,
but
we
they
restructured
the
team
and
it's
been
reassigned
to
a
I.
Don't
know
if
you
guys
are
familiar
with
Liam
from
the
nginx
team,
but
he's
taken
that
under
his
umbrella
and
they
did
a
review
of
the
what
they
were
planning
to
release
and
they
didn't
really
think
there
was
enough
there
to
make
it
compelling
for
the
community.
So
it's
being
re-examined
and
they're
building
a
bigger
team
around
it
now.
So
it's
it's.
A
Right
folks,
I
think
the
next
one
next
community
meeting
I
think
lands
on
kubecon.
We,
if
I'm
not
mistaken,
so
we'll,
probably
cancel
that
one,
because
we
are
presenting
on
Friday
with
our
community
updates
with
where
we're
at
in
our
plans.
So
I
can
drop.
The
I'll
drop,
the
presentation
in
the
Ingress
Dev
again
I
started
working
on
a
little
bit
more.
It's
got
some
of
the
survey
results
in
there
I'm
gonna.
A
E
F
So
that's
it!
That's
I
I
have
those
two
issues
she
sent
to
me
and
I
was
looking
for
a
home
for
them
and
I
literally
just
found
it
this
morning.
So
that's
what
I
was
distracted
by
talking
to
Brian
who's,
the
who's,
the
he's
the
lead
PM
for
for
nginx
Ingress
inside
the
company,
so
I
I
will
I
will
bring.
He
specifically
asked
me
to
bring
those
issues
to
his
attention.
Out
of
the
blue
and
I
was
like.